Mozilla's AI agents fix 423 Firefox bugs in one month

Mozilla's AI agents fixed an unprecedented 423 Firefox security bugs in just one month, a nearly twenty-fold increase from the monthly average of approximately 21 bugs in 2025. This massive leap in productivity was achieved not with new models or more staff, but with a simple and highly effective "agentic harness" that pairs AI with a rigorous, crash-based verification system.

How the AI Harness Finds and Verifies Bugs

Mozilla developed an agentic harness that pairs AI models with a strict, crash-based verification system. This pipeline automatically generates and tests potential exploits, only escalating confirmed, reproducible bugs to human engineers. This process filters out nearly all false positives and ensures the validity of each reported vulnerability.

The key is a simple orchestration layer that funnels only high-confidence bugs to humans. The process begins by having an AI score source files based on memory-safety risk. A primary agent, using a model like Anthropic's Claude Mythos Preview, is then given a focused prompt.

"The model is told a creative lie: 'We know a bug is in this file - go find it.' That single prompt keeps agents looping until a real crash appears." - ChatPRD write-up

When the agent proposes an exploit, the harness runs it in a special sanitizer build. A crash confirms the bug's existence. A second AI agent then grades the report's quality before any patch is sent for human review, a dual-verification gate that practically eliminates false positives.

Unprecedented Scale and High-Impact Results

Once the process was validated, Mozilla scaled it horizontally. The Register reports that jobs now run across many short-lived virtual machines, allowing dozens of agents to hunt for bugs 24/7. This parallel approach is reportedly why significant historic fix volume was matched in just 30 days.

The impact was most significant in high-priority areas like the JIT compiler, DOM tree, and IPC layers. Among the 423 fixes, 180 were rated as high-severity. HelpNetSecurity notes that this flow identified approximately 271 vulnerabilities fixed in Firefox 150, including a bug that had lingered for nearly two decades. Engineers noted that crash reliability is typically assessed through statistical analysis of incident rates rather than counting individual attempts per issue.

Industry Context and Remaining Challenges

While other companies are using AI for security, their focus often differs. Checkmarx is embedding agents into IDEs to prevent flaws during coding, while Endor and Lineaje focus on supply-chain remediation, according to TechTarget. Unlike Mozilla's exploit-backed loop, these tools often rely on static analysis, raising questions about verification depth.

Experts believe full autonomy is still limited by verification costs. TechTarget has documented cases where large models "fix" a flaw by simply commenting out entire code blocks. Furthermore, SecureWorld adds that high false-positive rates can overwhelm security teams without stringent gates like Mozilla's crash requirement. Theoretical work from CSET also warns that undecidable program properties place a hard cap on what automated systems can truly guarantee.

Despite these caveats, the results suggest that deterministic feedback loops can empower AI to operate at machine speed within mature codebases. Whether other projects adopt this crash-first gating model or stick to lighter static checks remains a key question for the future of security engineering.